Cloud Computing: Top 10 Worst Practices

It is no surprise that many IT organizations are struggling to implement enterprise solutions in the cloud. After all, we have seen IT struggle for decades with many "new" initiatives like SOA, ERP implementations, Enterprise Architecture, etc. The following list captures what I call cloud computing worst practices. Many of these items on the list are the same mistakes that IT has been making for decades while others are specific to cloud computing.

1. No business justification - This is the age old problem where IT has a hammer (cloud computing) and sees every business problem as a nail. The reasons for using cloud computing should be directly related to business goals. After all, the reason IT exists is to support the business. I have seen many IT shops take on cloud computing for technology's sake. Start with the problem, not the solution.

2. Unrealistic expectations - Like SOA and other hyped technologies, cloud computing is not a silver bullet. In fact, if you don't architect it correctly you will likely expose your company to more risks, outages, and costs than your currently functioning on-premise solutions. Don't underestimate the impact of organization change. Many people, especially system administrators, security personnel, and people who like the status quo may fight it tooth and nail. This is just another page out of the SOA playbook. People can kill any good technical solution.

3. Jumping in too soon - It is easy to get started in the cloud. Simply sign up with a credit card and you can start living large in the cloud. That's great for R&D, off loading adhoc processing, or just experimenting, but if you are planning on building enterprise ready production solutions in the cloud you had better do your homework first. I have seen IT shops put corporate data in the cloud without understanding the ramifications. My recommendation is to spend some time at the Cloud Security Alliance website and download the CSA Guide. Read it front to back and understand what needs to be addressed. Then decide if cloud computing is a fit for your organization's culture.

4. No focus on architecture - Classic IT here. When will we learn? To deploy enterprise solutions in the cloud, off-premise solutions must be architected differently than on-premise solutions. Let's learn our lesson from all of the SOA failures and focus on architecture. You don't buy security, compliance, failover, performance, resilency....you build it!

5. Moving legacy to the cloud - This might be the biggest mistake of them all. Most legacy applications were never intended to be exposed outside the corporate firewall. I have seen companies spend stupid money trying to retrofit existing systems that work fine and make them "cloud enabled", all in the name of saving money. The end result is often a more expensive system with more security issues, less stability, and more complexity. Unless your legacy system is based on a service oriented architecture, the cloud is better served for new applications, not legacy.

6. Depending on the cloud vendor for security - Some companies see the cloud as an opportunity to outsource security. Nothing could be further from the truth. Running systems outside your firewall requires more security from your application development teams than ever before. No longer can companies deliver applications with little to no application security and hide behind a corporate firewall. Now companies must actually deliver secure software and many don't have the talent and know how to meet the challenge.

7. Not addressing the risks - If you downloaded and read the CSA Guide, you will notice that there are a lot of risks when deploying in the cloud. That doesn't mean that the cloud is bad, but if don't address the risks, your solution will be beyond bad. You must address issues like data ownership, consumer privacy, PCI compliance, country specific regulations, and much more. Ignore these risks and you could expose your company to security breaches, outages, and failed audits. As the old saying goes, "You can pay me now or pay me later".

8. Underestimating the effort - If you listen to the vendor case studies you will hear about the weekend success stories like the Washington Post where a ton of work was accomplished over night for less than $200. Yes these are real case studies but these are not real enterprise solutions. They are one-offs where a ton of work is offloaded to the cloud for pay as you go processing. That is much different than architecting a fully operation production system in the cloud. You will need more than a credit card for one of those!

9. Selecting the wrong vendor - If you pick your cloud vendor because of an existing relationship with your favorite vendor you should be shot on site. First of all, the mega vendors like IBM, Microsoft, and HP are late to the game and are not thought leaders in the cloud. In fact, you would be hard pressed to find a significant real life enterprise solution deployed on any of the mega vendors' platforms since they are all relatively new. Instead, understand your requirements. Before selecting a vendor, figure out what type of cloud makes sense for the business problem and your architectural standards. Are you looking for Infrastructure as a Service (IaaS) and want to be free to code in any language? Are you willing to be locked in to a Platform as a Service (PaaS) vendor and write in the code mandated by the platform? Or do you simply need to assess Software as a Service (SaaS) solutions? Or maybe you need a combination of these. Do you need virtual datacenters outside of the US? Do you need a public cloud, private cloud, or a hybrid cloud solution? There are a lot of questions to answer before you settle on a vendor. Picking Azure because your developers know C# is like playing Russian Roulette. Close your eyes before pulling the trigger!

10. Lack of talent - And finally, like every other failed attempt at implementing new technology, many shops just don't have the talent needed, don't train their staff sufficiently, or hire consultants who apply the previous nine worst practices. Cloud Computing can allow companies to compete like never before. Unfortunately, there are a lot of people who can screw it up.

In my experience, the single greatest danger is in trying to retrofit existing applications/services to cloud resources. It is possible to do successfully, but it is very hard in most cases, and even more costly than simply buying or leasing some commercial capabiloity that can do the same thing.

Are you saying that the claims of the middleware industry of being able to handle cloud computing are false in many cases, did I read that wrong? What I am asking is, did anyone get cloud integration right?

I know that there are a lot of claims and the trendy new word to use in the tech marketing world is cloud computing or integration, I swear it's spreading like wild fire. But as someone stated before me where are the people that have the talent and have the "right" SOA principles?

I agree on your point about security and companies just throwing themselves into cloud integration because everyone else is doing it...that's just not a good enough reason to possibly discover that it's no right for your company.
Good article to start off on! Thanks!

No, I did not say anything related to middleware integration. I am assuming you are referring to my statement that legacy apps are not a best fit for moving to the cloud. The issue isn't so much about middle ware as it is about architecture. Apps built on premise will and should have a different architecture than apps built for off premise.

Disclaimer: Blog contents express the viewpoints of their independent authors and
are not reviewed for correctness or accuracy by
Toolbox for IT. Any opinions, comments, solutions or other commentary
expressed by blog authors are not endorsed or recommended by
Toolbox for IT
or any vendor. If you feel a blog entry is inappropriate,
click here to notify
Toolbox for IT.